Author

Topic: Double Mixer: Mix your Bitcoin with two mixers in series (Read 1531 times)

sr. member
Activity: 391
Merit: 333
Hi everyone.

It seemed no one was using this for quite some time, or at least for any sizeable amount of funds where I've noticed any commissions. At one point it was definitely being used for some large transfers and I never heard of any issues.

Unfortunately, I haven't been running the .onion for a while now, but the code is all still there. I've been busy working on other things. I'd like to hand the reins over for the Github organization and the private key for the .onion.

I could try to sell it to the highest bidder, but then I'd worry about a scammer getting it. So make me an offer of compelling words, Bitcoin, both, or neither, and maybe I'll send it your way for someone else to continue with. Strongly prefer someone with a good track record and who's savvy.

The code is all open source of course if you just want to launch the same thing, rebranded: https://github.com/doublemixer/

I also have the doublemixer-python project and associated libraries that I can transfer into the organization first (and make sure it's transfered from Pypi).
sr. member
Activity: 391
Merit: 333
...

Great project, sega01

There is a case to be made for mixing two different ways if you're going to mix twice.  It might be very hard, but running BTC through Wasabi (CoinJoin) and another mixer might (perhaps Wasabi first?) be very difficult for analysts to break.

Writing the code might be hard though.  

Thank you!

I don't think Coinjoin or Wasabi could be easily integrated into a browser, especially without some kind of proxy layer. But I agree, two different types of mixing would be preferable.

Hopefully the mixing methods used here are dissimilar enough.
member
Activity: 149
Merit: 22
🔴🔵 FoxMixer.com 🔵🔴
Hi everyone.

It seemed no one was using this for quite some time, or at least for any sizeable amount of funds where I've noticed any commissions. At one point it was definitely being used for some large transfers and I never heard of any issues.

Thanks for your work on this project! It definitely brought some cool new ideas to bitcoin mixing and the fact it is open source makes it still useful for everyone interested.
I'd vote for keeping your bitcoin affiliate address in at least one of the mixer stages to whoever is going to take it over.
legendary
Activity: 2758
Merit: 6830
~
It it wasn't made with Python, I would love to take over and even implement ChipMixer's API as the final step (Mix > Mix? > CM chips). Unforunately, I don't really know any about it besides the very basic. Undecided

That was a really cool project. Thanks for that.
full member
Activity: 369
Merit: 101
I checked the site of this tumbler. Its nice and easy. Great job done, as far as designing the interface is concerned.
Are there any reviews of clients who have used this service and there experience? I went through thread and wasn't able to find any.
copper member
Activity: 126
Merit: 12
Seems different with other version minxer  Wink
legendary
Activity: 2940
Merit: 1865
...

Great project, sega01

There is a case to be made for mixing two different ways if you're going to mix twice.  It might be very hard, but running BTC through Wasabi (CoinJoin) and another mixer might (perhaps Wasabi first?) be very difficult for analysts to break.

Writing the code might be hard though.  
legendary
Activity: 1666
Merit: 1285
Flying Hellfish is a Commie
Question though- Is there anyway to calculate the fees of the mixing before we start mixing (I haven't tried this yet, asking before I do anything) Thanks for making this, much love.
Not an already calculated value/overview, but you can just read the Letters of Guarantee before sending anything. In my just generated example case:

Quote
Receiving Mix Letter Of Guarantee
[...] Our fee is 3.761% + 0.0003 for every forward address

Final Mix Letter Of Guarantee
[...] A total transaction fee of only 1 % and a fee of 0.00100000 BTC per payout address is subtracted.

Then you need to manually calculate that. Cheesy

Considering that the letter's format is always the same (supposedly), maybe he could scrape these percentages and make a calculator.

Ah, got it. I probably should've just went to the next stage of mixing to find out, but I guess I was a tad lazy. Thanks
legendary
Activity: 2758
Merit: 6830
Question though- Is there anyway to calculate the fees of the mixing before we start mixing (I haven't tried this yet, asking before I do anything) Thanks for making this, much love.
Not an already calculated value/overview, but you can just read the Letters of Guarantee before sending anything. In my just generated example case:

Quote
Receiving Mix Letter Of Guarantee
[...] Our fee is 3.761% + 0.0003 for every forward address

Final Mix Letter Of Guarantee
[...] A total transaction fee of only 1 % and a fee of 0.00100000 BTC per payout address is subtracted.

Then you need to manually calculate that. Cheesy

Considering that the letter's format is always the same (supposedly), maybe he could scrape these percentages and make a calculator.
legendary
Activity: 1666
Merit: 1285
Flying Hellfish is a Commie
Unsure why it took me this long to find something like this, probably wasn't looking hard enough.

+Merited.

Question though- Is there anyway to calculate the fees of the mixing before we start mixing (I haven't tried this yet, asking before I do anything) Thanks for making this, much love.
sr. member
Activity: 391
Merit: 333
Tor Browser 9 issue has been worked around. The canvas bug where you couldn't see QR codes on Tor Browser has also been fixed by switching to an HTML table based QR generator.

So back in business Smiley.

Clearnet double mixer

Tor double mixer
jr. member
Activity: 194
Merit: 8
Two mixers are always better than only one
sr. member
Activity: 391
Merit: 333
Code:
The receiving mixer stage is broken in Tor Browser 9 when using the doublemix....onion Hidden Service.

what the mean is that?
This means that if you are using Tor Browser 9 and use the onion mirror of the website, the "Receiving Mix Letter Of Guarantee" field will be empty. So, instead of sending to the address on that field, which then sends the output to the Final Mix address, you must send the coins directly to the Final Mix address.

Normally:
1. You send BTC to receiving mix.
2. Receiving mix send BTC to final mix.
3. Final mix sends BTC to your output address.

With this issue:
1. You send BTC to final mix.
2. Final mix sends BTC to your output address.

1 Less step.

I appreciate your reply. If you do that, there's no reason to use DoubleMixer as it would just be a single mix.

Hopefully the bug will be fixed though. If you're not on Tor Browser 9 you should be okay. You can also use the clearnet site (https://doublemixer.github.io) from Tor Browser and it will work fine.

Bug report is here: https://trac.torproject.org/projects/tor/ticket/32255

I'm working with Bitmix to see if we can find a workaround.
legendary
Activity: 2758
Merit: 6830
Code:
The receiving mixer stage is broken in Tor Browser 9 when using the doublemix....onion Hidden Service.

what the mean is that?
This means that if you are using Tor Browser 9 and use the onion mirror of the website, the "Receiving Mix Letter Of Guarantee" field will be empty. So, instead of sending to the address on that field, which then sends the output to the Final Mix address, you must send the coins directly to the Final Mix address.

Normally:
1. You send BTC to receiving mix.
2. Receiving mix send BTC to final mix.
3. Final mix sends BTC to your output address.

With this issue:
1. You send BTC to final mix.
2. Final mix sends BTC to your output address.

1 Less step.
newbie
Activity: 14
Merit: 0
Code:
The receiving mixer stage is broken in Tor Browser 9 when using the doublemix....onion Hidden Service.

what the mean is that?
sr. member
Activity: 391
Merit: 333
I'd like to announce an affiliate / referral program for Double Mixer.

It's very straight forward. Just send people to:

Code:
https://doublemixer.github.io/#ref=(your bitcoin address)

and/or:

Code:
http://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/#ref=(your bitcoin address)

For more information, see here. There's even a referral URL generator to make things easier.
sr. member
Activity: 391
Merit: 333
Hi!

I'm what you could call a power-user of FoxMixer (used various others before).
By chance I stumbled across your project while browsing through this forum and I decided to have a closer look.
I'm not a programmer so I like that it'S damn simple to just enter the address and boom: everything else is done for you and the letters of guarantees are downloaded. Good job!
It's not that I will now always use two mixers but it's good to have the choice.
Just wondering why this project is so hidden. This should also be featured on other bitcoin sites IMHO. - Excellent work!

Yeah, FoxMixer is pretty great. I've found their team to be extremely responsive getting back to me. BitMix has also been responsive, helps earn trust that way for sure.

Agreed, double mixing is often overkill, I just wanted to make it a bit easier and have more discussion of the concepts. It's kind of a working proof of concept.

Thank you!! I very much appreciate what you said.
newbie
Activity: 3
Merit: 0
Hi!

I'm what you could call a power-user of FoxMixer (used various others before).
By chance I stumbled across your project while browsing through this forum and I decided to have a closer look.
I'm not a programmer so I like that it'S damn simple to just enter the address and boom: everything else is done for you and the letters of guarantees are downloaded. Good job!
It's not that I will now always use two mixers but it's good to have the choice.
Just wondering why this project is so hidden. This should also be featured on other bitcoin sites IMHO. - Excellent work!
sr. member
Activity: 391
Merit: 333
Alright, finally got this done!

https://doublemixer.github.io

http://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/

Live with double mixing. Please let me know how it works out for you. Obviously, please audit the code, make sure you don't send too much or too little (read the minimums/maximums in the guarantees), validate the signatures, etc.

Thanks for BitMix and for Foxmixer for both enabling CORS headers to make this possible.

If you connect to the .onion, the upstream mixer's .onions will be used for connecting to their API. If you use clearnet, that's obviously not the case.

Lastly, one major update on doublemixer-python. It now uses a local Tor SOCKS proxy and the corresponding Hidden Services by default.
sr. member
Activity: 391
Merit: 333
Making some progress on the Javascript version. Currently only FoxMixer is used, so it's a single mixer and no better than using Fox Mixer directly. But, hoping to add BitMix soon.

https://doublemixer.github.io

http://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/
sr. member
Activity: 391
Merit: 333
Thanks mate for the update!

For the time being, we implemented a very hacky solution that doesn't work so well and breaks easily.

That's nice to see that there is some progress at this project. I quickly had a look at your code and it looks promising and well structured!

I'm currently very busy with other parts of the project.
If we have some time and our team decides to focus on the browser-based mixing again, we'll test your code more in depth and cross-platform. We still think this is a huge topic and the implementation with FoxMixer on client/browser-side would be a plus for privacy in our project.

Glad to hear that, thank you! I hope it works out for you.
newbie
Activity: 6
Merit: 4

Sorry for the wait! Just the JS version working with FoxMixer: https://github.com/teran-mckinney/doublemixer-js

Haven't checked it for browser compatibility. I hope this isn't too late and that it still helps.

Thanks mate for the update!

For the time being, we implemented a very hacky solution that doesn't work so well and breaks easily.

That's nice to see that there is some progress at this project. I quickly had a look at your code and it looks promising and well structured!

I'm currently very busy with other parts of the project.
If we have some time and our team decides to focus on the browser-based mixing again, we'll test your code more in depth and cross-platform. We still think this is a huge topic and the implementation with FoxMixer on client/browser-side would be a plus for privacy in our project.
sr. member
Activity: 391
Merit: 333
Ok, I see. A multi-address approach is possibly too complicated and error prone for daily use.

I'm in a team operating a browser-based bitcoin wallet focused on privacy and I'm currently thinking about integrating your implementation of the client-side part of foxmixer into this wallet. Basically, the idea would be that whenever a user wants to withdraw funds from his wallet, he gets to choose whether to withdraw directly or using the foxmixer browser-based mixing.
By doing all of this client-side, it is more transparent to the users what is happening and it is not hidden behind secret server calls of the wallet.

Do you have any experience on how well your client works in different browsers?

That's pretty cool. I honestly haven't tested it, it's just prototype code. I can work on it and bit more and see.

Generally, my JS is geared towards the latest browsers. I don't bother writing anything for IE 7 compatibility, etc. But honestly if you have an in-browser Bitcoin wallet, they probably should be running latest versions anyways.

I think this is a great idea, let me know if you implement it.
newbie
Activity: 6
Merit: 4

Thanks for your reply!

Both the CLI and browser versions are client side only and don't rely on anything other than the existing mixing services.

Very rudimentary, only one backend is working. Most mixers don't add CORS headers and I haven't pursued having them add it a whole lot let yet.

https://github.com/teran-mckinney/doublemixer-js

Yeah, definitely possible to go to an intermediate address. I've used this setup a few times and never had an issue but have been aware of it as well. IMO: the mixer needs to honor their guarantees and if they don't, you can go after them with that. But you're right, if a payment is way too late, it doesn't work out. I've tried to set the delays to be pretty conservative to help with that.

What I like is that how it is, it's one shot. No polling, etc. Super simple, little to break on the client's side. No actual coin handling there. Intermediate step could be done with WalkingLiberty. It would add another "interaction" that might help track users at a network level, but if using Tor, should be fine.

If you really wanted to do that now, after installing doublemixer you'll get `foxmixer`, `bitmix`, and `privcoin`. You can mix with one of those into a `walkingliberty` wallet, then mix out to where you really want to go. Personally, as I've yet to have a problem I'm not too concerned yet. If moving a lot of money it would be more of a concern but again, haven't seen any issues yet.

Ok, I see. A multi-address approach is possibly too complicated and error prone for daily use.

I'm in a team operating a browser-based bitcoin wallet focused on privacy and I'm currently thinking about integrating your implementation of the client-side part of foxmixer into this wallet. Basically, the idea would be that whenever a user wants to withdraw funds from his wallet, he gets to choose whether to withdraw directly or using the foxmixer browser-based mixing.
By doing all of this client-side, it is more transparent to the users what is happening and it is not hidden behind secret server calls of the wallet.

Do you have any experience on how well your client works in different browsers?
sr. member
Activity: 391
Merit: 333
Thumbs up for the idea of a client-side only version.
That would open the plugin to the world of web developers.
Is there already some work on this that you can showcase?

Just had the same concerns as quickseller mentioned in his post:

I would advise against doing this.

Both mixing services are only guaranteeing the address will be valid for a limited amount of time. If there is a problem/delay with the 1st mixing service that causes the transaction to confirm after the cutoff time for the 2nd mixing service, or if multiple transactions are sent from the first mixing service with the last one being after the cutoff, then the second mixing service may not send you your money. This would be a real problem because some mixing services periodically delete their private keys associated with zero balance addresses in order to protect privacy of their users in case a government agency finds their servers.

The following idea to resolve this just came to mind:

Would it be possible to have the intermediate payout of the first mixer that should go into the second mixer go to an intermediate address that is owned by me (client-side) instead?
Only if the payment arrives at this intermediate address the second mixer is triggered and the payment is redirected to it.
Of course, this mode of mixing only works if the client stays alive and watches the intermediate address throughout the process.

This way of handling it would defeat the risk of a mixer taking longer than expected resulting in the payment not arriving at the second mixer in time.

Thanks for your reply!

Both the CLI and browser versions are client side only and don't rely on anything other than the existing mixing services.

Very rudimentary, only one backend is working. Most mixers don't add CORS headers and I haven't pursued having them add it a whole lot let yet.

https://github.com/teran-mckinney/doublemixer-js

Yeah, definitely possible to go to an intermediate address. I've used this setup a few times and never had an issue but have been aware of it as well. IMO: the mixer needs to honor their guarantees and if they don't, you can go after them with that. But you're right, if a payment is way too late, it doesn't work out. I've tried to set the delays to be pretty conservative to help with that.

What I like is that how it is, it's one shot. No polling, etc. Super simple, little to break on the client's side. No actual coin handling there. Intermediate step could be done with WalkingLiberty. It would add another "interaction" that might help track users at a network level, but if using Tor, should be fine.

If you really wanted to do that now, after installing doublemixer you'll get `foxmixer`, `bitmix`, and `privcoin`. You can mix with one of those into a `walkingliberty` wallet, then mix out to where you really want to go. Personally, as I've yet to have a problem I'm not too concerned yet. If moving a lot of money it would be more of a concern but again, haven't seen any issues yet.

Brilliant idea.
My question, will this be secure for transaction.

Thank you! What do you mean?
newbie
Activity: 6
Merit: 4
Thumbs up for the idea of a client-side only version.
That would open the plugin to the world of web developers.
Is there already some work on this that you can showcase?

Just had the same concerns as quickseller mentioned in his post:

I would advise against doing this.

Both mixing services are only guaranteeing the address will be valid for a limited amount of time. If there is a problem/delay with the 1st mixing service that causes the transaction to confirm after the cutoff time for the 2nd mixing service, or if multiple transactions are sent from the first mixing service with the last one being after the cutoff, then the second mixing service may not send you your money. This would be a real problem because some mixing services periodically delete their private keys associated with zero balance addresses in order to protect privacy of their users in case a government agency finds their servers.

The following idea to resolve this just came to mind:

Would it be possible to have the intermediate payout of the first mixer that should go into the second mixer go to an intermediate address that is owned by me (client-side) instead?
Only if the payment arrives at this intermediate address the second mixer is triggered and the payment is redirected to it.
Of course, this mode of mixing only works if the client stays alive and watches the intermediate address throughout the process.

This way of handling it would defeat the risk of a mixer taking longer than expected resulting in the payment not arriving at the second mixer in time.
sr. member
Activity: 391
Merit: 333
sr. member
Activity: 391
Merit: 333
Just wanting to do a feeler. How many of you would use this if it were done all client side in a browser? Clearnet site and hidden .onion. Javascript, of course.
sr. member
Activity: 391
Merit: 333
Nice idea, now we only need to worry if either mixer steal our coins or both mixer system completely de-anonymized.

While i doubt i'll use 2 mixers, any thoughts to add parameter/argument for time delay (since i only saw currency and output_address param on your code)?

Absolutely no warranties expressed or implied, no liability on the author's behalf, etc.

Then you might want use MIT License (or any license where user cannot hold liable to author) on your GitHub repository.

The different APIs take pretty different arguments with time delay. Some are in minutes, some hours, some hours but only allow integer and not float. I could maybe normalize them and use hours, but making it int if they don't support float. The values I selected are trying to be sane defaults.

Unlicense has a liability clause:
Quote
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
IN NO EVENT SHALL THE AUTHORS BE LIABLE FOR ANY CLAIM, DAMAGES OR
OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE,
ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR
OTHER DEALINGS IN THE SOFTWARE.
copper member
Activity: 322
Merit: 0
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api

Ah, thank you. Did not know they had an API. I think that will be the next one on the list.

Please add our service as well. Here is a link to our API http://www.bitmaximumgnmsaf.onion/en/api Our service will secure your chain.
legendary
Activity: 2758
Merit: 6830
Looks like ChipMixer's maintenance is over.

Quick update for those who encountered maintenance mode

1. Maintenance is over and everything works except
2. Sweeping is still broken and maintenance did not help. Please use private keys yourself (as we always encourage) instead of sweeping with website for now.


The API is returning the right results now.
sr. member
Activity: 391
Merit: 333
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api

Ah, thank you. Did not know they had an API. I think that will be the next one on the list.
newbie
Activity: 20
Merit: 0
Hello, you could also add BitCloak mixer to the list as it has a very good api.
https://bitcloak43blmhmn.com/api
sr. member
Activity: 391
Merit: 333
Looks like the whole service is in maintenance (not just the API). I just visited the website (ChipMixer.com) and tried to create a new session. The same message appeared for me.

Just wait a few hours. Tongue

Ok Smiley

------

New version, 0.0.3. Now randomly selects two of Bitmix, Privcoin, and Foxmixer. Both the mixer selection and ordering is random.

To upgrade:
Code:
pip3 install -U doublemixer
legendary
Activity: 2758
Merit: 6830
Hmm, interesting.

Tried https://chipmixer.com/api/v1/new_session and it says it's in maintenance mode at the moment.
Looks like the whole service is in maintenance (not just the API). I just visited the website (ChipMixer.com) and tried to create a new session. The same message appeared for me.

Just wait a few hours. Tongue
sr. member
Activity: 391
Merit: 333
Maybe it could be the final destination.

Your Address -> Some mixer -> ChipMixer.
Or Your Adress -> Some mixer -> Some other mixer -> ChipMixer.

Hmm, interesting.

Tried https://chipmixer.com/api/v1/new_session and it says it's in maintenance mode at the moment.
legendary
Activity: 2758
Merit: 6830
I haven't looked as much into Chipmixer. I think it would not fit as easily in the double mixing model, given the sizing of the chips.

I will most likely add some of the more "traditional" ones if I see any traction with what I've already written.
Maybe it could be the final destination.

Your Address -> Some mixer -> ChipMixer.
Or Your Adress -> Some mixer -> Some other mixer -> ChipMixer.
sr. member
Activity: 391
Merit: 333
Thank you all for your feedback!

More mixers should make python libraries,it would be awesome if you could add Chipmixer and bestmixer.

Bestmixer requires an API key per user. I contacted them about this and they didn't seem interested in opening up the API.

I haven't looked as much into Chipmixer. I think it would not fit as easily in the double mixing model, given the sizing of the chips.

I will most likely add some of the more "traditional" ones if I see any traction with what I've already written.
legendary
Activity: 2758
Merit: 6830
More mixers should make python libraries,it would be awesome if you could add Chipmixer and bestmixer.
Also for @OP: ChipMixer actually has an API. They never publicized this everywhere but they had an Electrum plugin to make the mixing work natively in the wallet.

This is the base URL: https://chipmixer.com/api/v1/

AFAIK, there is no API Doc, but you should be able to get everything you need from their Electrum plugin source code: https://github.com/chipmixer/electrum/tree/plugin/plugins/chipmixer

For example: https://chipmixer.com/api/v1/new_session
This creates a new session and returns a JSON with the token and the deposit address;

Looks like it's still working.
legendary
Activity: 1059
Merit: 1020
Interesting project but there is still a little risk to lose funds if one of the mixing services turns out as a scam. Perhaps, it is a good idea to connect your project with a decentralized mixer like CoinJoin to reinforce the security. All in all, good job. I hope to see more projects.
newbie
Activity: 12
Merit: 0
More mixers should make python libraries,it would be awesome if you could add Chipmixer and bestmixer.
sr. member
Activity: 391
Merit: 333
Update: This is now available in your browser. Double Bitcoin Mixer or http://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/



--

Use of any one mixer comes down to trust. Trust that the mixing is sound, that the mixer is not compromised, and that it's not a honeypot to begin with.

Using two chained mixers mitigates most of this risk. Odds of having two bad mixers is far lower than just one.

To this end, I've written a Python 3 library and CLI for Privcoin and Bitmix. They can both be used separately, like
Code:
privcoin mix --currency bitcoin --output_address 1aaaa...
or
Code:
bitmix mix --currency bitcoin --output_address 1aaaa...
.

The improvement is using both, together.

Code:
pip3 install doublemixer
Code:
doublemixer mix --currency bitcoin --output_address 1aaaa...

You may wish to run it with torsocks to route the traffic over Tor.

This is completely client side, so no need to trust a third party. Just be sure to review the code of privcoin-python, bitmix-python, and doublemixer-python before use. Absolutely no warranties expressed or implied, no liability on the author's behalf, etc.

Source code for doublemixer on Github

In action:



Affiliate / Referrals:

You can make money linking to Double Mixer.
Code:
https://doublemixer.github.io/#ref=(your bitcoin address)
, or
Code:
http://doublemixwcfx4wadeuvuygpxej5jpu7uleesh3yptopnbj5kshnlrid.onion/#ref=(your bitcoin address)
. For more information, see here.
Jump to: